Method, system, and apparatus for identification number authentication

ABSTRACT

A computer based method, system and apparatus of authentication which compares a first number associated with a user with a second number, wherein the second number is a mathematical function of at least two predetermined digits within the user&#39;s identification number, preferably a Social Security Number. A computer based method, system and apparatus for authenticating a user&#39;s identification number, which compares a first code associated with a user with a second code, wherein said second code is an alphabetic translation of at least two predetermined digits within the user&#39;s identification number.

REFERENCE TO COMPUTER PROGRAM LISTING APPENDIX

The present application includes a computer program listing appendix.The appendix contains an ASCII text file of the computer program listingas follows:

Filename: ETAP101US5341-USCOMP.txt

Size: 2 kilobytes

Date Created: Jun. 17, 2003

The computer program listing appendix is hereby expressly incorporatedby reference in the present application.

FIELD OF THE INVENTION

This invention relates generally to a method, system and apparatus foridentification number authentication, more particularly, to a method,system and apparatus for non-intrusively verifying a user's socialsecurity number.

BACKGROUND OF THE INVENTION

The present invention relates generally to authenticating identificationnumbers. Often people are leery of divulging user identificationnumbers, such as social security numbers, on remote or public terminalssuch as the internet or telephone operators, or even placing them ondocuments. For instance, a person using the internet to purchase goodsmay be asked to provide both publicly accessible information such asname and address along with a private user identification number such asa social security number (SSN), or a personal identification number(PIN). One problem with this scenario is that the user may not wish toreveal such information because of concerns about identity theft,maintaining privacy, and unauthorized third party use.

The Federal Trade Commission has noted that misuse of personalidentifying information can result in temporary and sometimes permanentfinancial loss when wages are garnished, tax refunds are withheld, orliens are placed on victims' property as a result of someone else'scriminal use of their identity. Beyond direct financial loss, consumersreport being denied employment, credit, loans (including mortgages andstudent loans), government benefits, utility and telecommunicationsservices, and apartment leases when credit reports and background checksare littered with the fraudulently incurred debts or wrongful criminalrecords of an identity thief. A SSN is especially vulnerable as it is aunique “person identifier” used by many agencies to track informationsuch as credit or employment histories.

Recent legislation relating to identity theft includes the Federal TradeCommission Act, 15 U.S.C. §41 et seq. (prohibiting deceptive or unfairacts or practices, including violations of stated privacy policies);Fair Credit Reporting Act, 15 U.S.C. §1681 et seq. (addressing theaccuracy, dissemination, and integrity of consumer reports); Children'sOnline Privacy Protection Act, 15 U.S.C. §6501 et seq. (prohibiting thecollection of personally identifiable information from young childrenwithout their parents' consent); Identify Theft and AssumptionDeterrence Act of 1998, 18 U.S.C. §1028 (directing the FTC to collectidentity theft complaints, refer them to the appropriate credit bureausand law enforcement agencies, and provide victim assistance);Gramm-Leach-Bliley Act, 15 U.S.C. §6801 et seq. (requiring financialinstitutions to provide notices to consumers and allowing consumers(with some exceptions) to choose whether their financial institutionsmay share their information with third parties).

Under all of this legislation, parties attempting to verify useridentity may be severely limited in their access and use of suchinformation. Thus, currently available methods for authenticating auser's identification number suffer from a lack of security and userprivacy because other parties may intercept information, thus providingunauthorized and illegal access to these numbers. Also, parties with thelegitimate need for this information or concerned about trying toprotect themselves from fraudulent transactions, need a non-invasivemethod for authenticating a user identification number. A variety ofmethods, systems and apparatus for verifying a user identificationnumber are known in the art.

U.S. Pat. No. 4,198,619 (Atalla) discloses a method of operating apersonal verification system. The logic module receives an account codeword (or any other data that is specific for an individual) and a secretcode word from an individual for encoding in accordance with a logicalcombination of such code words altered in accordance with a selectablecontrol word to produce a compiled code word of fixed length. There isno teaching that the second number/code being compared is a mathematicalfunction of at least two predetermined digits within a usersidentification number.

U.S. Pat. No. 4,697,236 (Davies) discloses a secure system foridentification verification by transmission of an access number,preferably a random number, from a central processor to a remoteterminal. The system provides portable identification devices for use byindividuals, programmed to perform specified mathematical functions ondata input thereto. The portable devices may be cumbersome, expensiveand difficult to modify since changes must be coordinated with thecentral processor. Also, there is no teaching of comparing a firstnumber associated with a user with a second number, wherein the secondnumber is a mathematical function of at least two predetermined digitsof the user's identification number.

U.S. Pat. No. 4,992,783 (Zdunek et al.) teaches a method and apparatusfor controlling access to a two-way communication system. The inventionrequires the use of both numbers and password codes in the subscriberunits. Thus, it does not teach a method of authentication using a singleuser identification number.

U.S. Pat. No. 5,093,861 (Graham) discloses a method of authenticationwherein a user identification number is coordinated with an associatedpin code number. There is no teaching of a method of authentication ofthe user's identification number.

U.S. Pat. No. 5,555,303 (Stambler) teaches a secret transaction systemwhich uses a joint code derived from a transaction, document, or thingto code information. The system involves a comparison of re-derivedinformation against information recorded on the document to authenticatethe accuracy of that information. Thus, there is no teaching ofcomparing a first number associated with a user with a second number,wherein the second number is a mathematical function of at least twopredetermined digits of the user's identification number.

U.S. Pat. No. 5,655,020 (Powers) shows a system and method forauthenticating the identity of an authorized person. The algorithminvolves the generation of a second code that has more characterpositions than the first code. Again, there is no teaching of userauthentication based on mathematical functions involving at least twopredetermined digits of a user's identification number.

U.S. Pat. Nos. 5,754,652 and 5,940,511 (Wilfong) disclose a method andapparatus for secure PIN entry in which the user sequentially encodeseach digit of number, one digit at a time. There is no teaching ofnon-sequentially encoding user identification numbers by modifying atleast two digits within the user's identification number.

U.S. Pat. No. 5,754,653 (Canfield) teaches a coding formula forverifying checks and credit cards. The formula involves a numerical basecode which is divided into two parts. Then the check number ortransaction amount is modified by an assigned mathematical mode and eachof the two parts of the base code. There is no teaching of comparing afirst number associated with a user with a second number, wherein thesecond number is a mathematical function of at least two predetermineddigits of the user's identification number.

U.S. Pat. No. 5,956,699 (Wong et al.) relates to a system for securecredit card transaction on the internet. The system generates a personalcharge number from the user account number by inserting a user key intothe user account number. Thus, it fails to teach user authenticationbased on mathematical functions involving at least two predetermineddigits of a user's identification number.

U.S. Pat. No. 6,108,644 (Goldschlag et al.) discloses a system andmethod for electronic transactions, which uses an unblinded validatedcertificate and a blinded unvalidated certification. There is noteaching of user authentication based on mathematical functionsinvolving at least two predetermined digits of a user's identificationnumber.

United States Patent Application No. 2002/0073321 (Kinsella) discloses amethod for fraud prevention for remote transactions in which a “scramblekey” is generated. The user then generates an input code by modifyingtheir user code in accordance with the scramble key. The user code andthe input code are compared and authentication occurs if the user isdetermined to have used the user code to generate the input code. Thescramble key is applied to all or parts of the user code but there is noteaching of the scramble key being a mathematical function that includesonly predetermined digits within the user's identification number.

What is needed, then, is a non-intrusive method and apparatus forauthenticating a user's identification that utilizes the user's SocialSecurity Number.

SUMMARY OF THE INVENTION

The present invention broadly comprises a method and apparatus forauthenticating a user's identification that utilizes the user's SocialSecurity Number.

In preferred embodiments, the present invention includes a computerbased method of authentication. The method includes the steps ofdisplaying a field operatively arranged for entry of data representativeof a mathematical function of digits in a person's Social SecurityNumber and displaying instructions to the person indicating a specificmathematical function to be performed by the person to arrive at therepresentative data. The method also includes displaying a fieldoperatively arranged for entry of other data representative of theidentity of said person. The method also includes receiving the datarepresentative of the mathematical function of digits in the person'sSocial Security Number, as well as receiving other data representativeof the identity of the person. Additionally, the method includesdetermining the person's Social Security Number from the other datarepresentative of the identity of the person, wherein the determining isaccomplished by a lookup process in a database. The method furtherincludes performing the specific mathematical function of digits in theperson's Social Security Number, and comparing a result of theperforming the specific mathematical function of digits in the person'sSocial Security Number with the received data representative of themathematical function of digits in the person's Social Security Numberto authenticate the person's identity.

In additional embodiments, the steps of displaying a field operativelyarranged for entry of data representative of a mathematical function ofdigits in a person's Social Security Number, displaying instructions tosaid person, and displaying a field operatively arranged for entry ofother data representative of the identity of said person occursubstantially simultaneously.

In further embodiments the specific mathematical function is selectedfrom a group consisting of addition, subtraction, division,multiplication, and combinations thereof. In some embodiments the otherdata is selected from a group consisting of the person's first and lastname, bill to and ship to addresses, phone number, and combinationsthereof.

In additional embodiments, the database includes a plurality of entries,each of the entries identifying one individual. The entries including atleast the individual's Social Security Number and the individual's otherdata. The other data being selected from a group consisting of theindividual's first and last name, bill to and ship to addresses, phonenumber, and combinations thereof.

In some embodiments, a transaction can be authorized or denied dependentupon whether the person's identity is authenticated through thecomparing step. In further embodiments, the transaction includes anexchange of assets from at least a first account to a second account.Preferably, the first account is associated with the person and thesecond account is associated with a merchant. In another embodiment, thesecond account is associated with a financial institution.

In other preferred embodiments, the present invention comprises anapparatus for authentication. The apparatus includes a display fieldoperatively arranged for entry of representative data of a mathematicalfunction of digits in a person's Social Security Number, and aninstruction field operatively arranged to display to the person aspecific mathematical function to be performed by the person to arriveat the representative data. The apparatus also includes a means forreceiving the data representative of the mathematical function of digitsin the person's Social Security Number, and an entry field for enteringand receiving other data representative of the identity of the person.The apparatus further includes a means for determining the person'sSocial Security Number from the other data representative of theidentity of the person, wherein the means for determining isaccomplished by a lookup process in a database. Additionally, theapparatus includes a means for performing the specific mathematicalfunction of digits in the person's Social Security Number, and a meansfor comparing a result of the performing the specific mathematicalfunction of digits in the person's Social Security Number with thereceived representative data of the mathematical function of digits inthe person's Social Security Number to authenticate the person'sidentity.

It is an object of the present invention to provide a computer based,non-intrusive method for authentication and verification of a user'sidentification during purchase transactions on the internet.

These and other objects, features, and advantages of the presentinvention will become readily apparent to those having ordinary skill inthe art upon reading the following detailed description of the inventionin view of the several drawings of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The nature and mode of operation of the present invention will now bemore fully described in the following detailed description of theinvention taken with the accompanying drawing figures, in which:

FIG. 1 represents a schematic illustration of a method for carrying outthe present invention;

FIG. 2 represents a detailed schematic illustration of the algorithmincorporated into the method of the present invention;

FIG. 3 is a continuation of the algorithm in FIG. 2;

FIG. 4 is a screen capture of the output of an apparatus of the presentinvention wherein a user enters their personal information;

FIG. 5 is a screen capture of the output of an apparatus of the presentinvention wherein a SSN authentication question is generated;

FIG. 6 is a screen capture of the output of an apparatus of the presentinvention wherein a SSN authentication question is generated, along withtwo other identity verification questions;

FIG. 7 is a screen capture of the output of an apparatus of the presentinvention wherein authentication of a user's identification number hasbeen confirmed based on a single SSN authentication question; and

FIG. 8 is a screen capture of the output of an apparatus of the presentinvention wherein authentication of a user's identification number hasbeen confirmed based on an SSN authentication question and two otheridentity verification questions.

DETAILED DESCRIPTION OF THE INVENTION

While the present invention is described with respect to what ispresently considered to be the preferred embodiments, it is understoodthat the invention is not limited to the disclosed embodiments.

FIG. 1 represents a schematic illustration of a method for carrying outthe present invention wherein a user makes an online purchase. Theauthentication process begins at step 12. The user fills out an onlineorder at step 14. A first number associated with the user is obtainedfrom customer SSN database 16, and then modified with a mathematicalfunction to create a key in step 18. In step 20, the user is thenprompted with a SSN authentication question to generate a second number(hereinafter “response code”), wherein the response code is amathematical function of at least two predetermined digits within theuser's identification number. The response code is compared to the keyin step 22. If the key is equal to the response code in step 24, theuser's identity is authenticated in step 28. Otherwise theauthentication fails at step 26.

In general the SSN authentication question involves adding, subtracting,multiplying or dividing any of the combination of numbers within auser's Social Security Number. The user will be prompted via a web site,via a phone clerk or hard-copy for a tally that would have been added,subtracted, multiplied or divided using a specified grouping of numberswithin the user's Social Security Number. The customer's response willbe either right or wrong (pass or fail), determining if they are usingthe Social Security Number legitimately or fraudulently.

FIGS. 2 and 3 represents a detailed schematic illustration of thealgorithm incorporated into the method of the present invention. Theterm “idresponse” refers to a computer program which a) locates theidentity record from a SSN database and verifies the user's “Bill To”and/or “Ship To” address(es), b) generates a challenge with a SSNauthentication question, and c) compares the identity record as modifiedby the idresponse challenge with the user response to the idresponsepop-up. The order confirmation process starts at step 30. The userenters their order information in step 32. This may be accomplished asfollows: a) the user/customer goes online or calls the merchantsordering center; b) the user places their order; or c) the Check outprocess gathers customer information such as: First Name and Last Name,Address Line 1, Address Line 2, City State and Zip, and Phone. Thevendor then contacts idresponse in step 34 to request verification ofthe user's identity. The contact is determined to be successful orunsuccessful in step 36. If unsuccessful, the vendor contacts idresponsefor assistance in step 38. The vendor continues the transaction with thecustomer in step 40. However, as shown in step 42, the transaction isunverifiable.

If idresponse is successfully contacted, idresponse searches for theidentity record in step 44. If it is not located, the vendor maycontinue the transaction as before, but it is again unverifiable. If theidentity record is located, idresponse verified the address in step 46.Idresponse then generates the challenge to the user in step 48. The userfills in their response in step 50. Idresponse determines the validityof the response in step 52. If invalid, the transaction may continuewith the customer in step 54, but a negative authorization is sent tothe vendor (step 56). If verified, the transaction continues with thecustomer in step 58, and a positive authorization is sent to the vendor(step 60).

In a first example of a mathematical function used to create the key andresponse code, the user is asked to add the two center digits of theirSSN together, and enter the result of the total. If the SSN is123-45-6789, the user adds 4+5 and enters the result “9.” In a secondexample, the user is asked to add the first and last digits of their SSNtogether, and give the result of the total. Thus, if the SSN is123-45-6789, the user adds 1+9 and enters the result “10.” In a thirdexample, the user is asked to subtract the first and last digit of theirSSN, and give the result of the total. If the SSN is 123-45-6789, theuser performs the mathematical function 1−9 and enters the result “−8.”In a fourth example, the user is asked to multiply the first and lastdigits of their SSN together, and give the result of the total. If theSSN is 123-45-6789, the user multiplies 1 by 9 and enters the result“9.” In a fifth example, the user is asked to divide the first digit oftheir SSN by the last digit of their SSN, and enter the result. If theSSN is 123-45-6789, the user divides 1 by 9 and enters the result “1/9.”Variations, permutations, and combinations on each of these variableswithin the embodiments of the invention are also intended to be withinthe spirit and scope of the invention as claimed.

In another example, a central computer may ask the user to modify theuser identification number by performing additional mathematicalfunctions on the at least two predetermined digits. For example, thecomputer requests that the user add 5 to the sum of the two middledigits of the user's SSN. If the SSN is 123-45-6789, the user adds 5+9and enters “14.”

The mathematical functions or alphabetic translation, or constituentparts thereof, may be applied to parts of all, or all of the useridentification number. Thus, the user may be asked to sum all the digitsof their SSN so that if the SSN is 123-45-6789, the user enters “45.” Ina further example, the digit for entry is limited such that the userenters the first digit of the sum of the last four digits of the SSN.The appropriate entry is “3.”

In another example, the user is asked to shift their SSN and thenperform a mathematical or conversion function. For example, the usershifts the digits by one and then adding one to the sum of the shiftedfirst and second digits. If the SSN is 123-45-6789, the user enters“10.”

The present invention also contemplates a comparison method in whichseveral choices are provided and the user selects the appropriate choicebased on their user identification number. For example, the user isasked to provide the third and fifth digits of their SSN and choose theletter which corresponds with the correct answer. Thus, if the SSN is123-45-6789, and choices are given of a) 35 b) 45 c) 12 d) 78, the userchooses a).

Furthermore, the mathematical or conversion functions may be chosen soas to vary randomly from session to session. Also, each session mayconsist of several SSN authentication questions.

In another aspect of the present invention, the mathematical functionmay involve addition, subtraction, division, multiplication, squareroots, exponents, factorials, or logarithms. Details of some of themathematical functions that may be used can be found in variousreferences understood by those of skill in the art such as the Handbookof Mathematical Formulas and Integrals by Allen Jeffrey; Academic Press;2nd edition; (Jan. 15, 2000) incorporated herein in its entirety.

In yet another aspect, the present invention broadly teaches a methodfor authenticating possession of a user identification number, themethod including generating a mathematical formula key, involving, asoperands, at least two digits of the user identification number and amathematical operation involving the at least two digits; providing themathematical formula key to the user and prompting the user to generatean input code wherein the user calculates the input code from themathematical formula key; and receiving the input code from the user.

Another aspect of the present invention is a method of authenticatingpossession of a user identification number by: generating a conversionkey, involving, as operands, at least two digits of a useridentification number and a translation operation involving the at leasttwo digits; providing the conversion key to the user and prompting theuser to generate an input code wherein the user creates the input codefrom the conversion key; and receiving the input code from the user. Inthis aspect of the invention, the conversion key may be an alphabetictranslation such as the conversion of a number to a letter of thealphabet.

The invention may be further modified to determine whether the user usedthe user identification number to generate the input code by retrievingfrom memory the user identification number of the user; calculating averification code, wherein the verification code is produced bymodifying the at least two digits of the user identification number inaccordance with the mathematical formula key or the conversion;comparing the input code and the verification code; and providing anauthentication signal confirming the identity of the user only if theinput code and the verification code are equal.

FIG. 4 is a screen capture of the output of an apparatus of the presentinvention wherein a user enters their personal information (steps 14 and32). FIG. 5 is a screen capture output of an apparatus of the presentinvention wherein a single SSN authentication question is generated(steps 20 and 48). In order to reduce the likelihood of a user randomlyarriving at the correct response, the invention contemplates a series ofquestions requiring repeated congruence between the key and the responsecode. Additionally, the user may be required to answer a series ofquestions requiring knowledge of various combinations of the useridentification number and personal information.

For example, FIG. 6 is a screen capture output of an apparatus of thepresent invention wherein an SSN authentication question is generated,along with two other identity verification questions. FIG. 7 is a screencapture output of an apparatus of the present invention whereinauthentication of a user's identification number has been confirmedbased on the user's correct answer to a single SSN authenticationquestion (steps 28 and 60). FIG. 8 is a screen capture output of anapparatus of the present invention wherein the user's identity isverified based on the user's answers to an SSN authentication questionand two identity verification questions. It should be readily apparentto one skilled in the art that the identity verification questions shownin the figures are two examples that can be constructed from theidentity information kept in databases known in the art. Methods andapparatuses using different questions are within the spirit and scope ofthe invention as claimed.

In the above example, the authentication question refers to amathematical modification of the user's SSN. However, in another aspectof the invention, the authentication question may require the user togenerate an alphabetic or alphanumeric second code/number. An alphabetictranslation may, for example, require the conversion of a number to aletter of the alphabet. The user may be provided a conversion ortranslation key wherein 0=A; 1=B; 2=C; 3=D; 4=E; 5=F; 6=G; 7=H; 8=I; and9=J. The authentication question may then request that the user enterthe alphabetic translation of the last four digits of the user's SSN. Ifthe SSN is 123-45-6789, authentication would occur if the user entered“GHIJ”. Conversions involving symbols, non-English characters,ideograms, and any other methods known in the art are within the spiritand scope of the invention as claimed.

In alternative embodiments, the present invention may be used to preventeavesdropping on any user information entered by the user, whethernumeric or alphanumeric, and whether a short code or longer blocks ofinformation. In any event, the user information which is to be protectedis referred to herein as a user identification number.

It will be understood that, in general, the present invention may beutilized any time a remotely-located agent or computer requests a userentering information into a potentially publicly visible terminal (where“visible” in this sense includes all forms of eavesdropping on all formsof information entry) such as a computer connected to the internet. Thecomputer in general supplies the user with certain mathematical oralphabet conversions and asks the user to use these conversions toprovide a converted version of the information to the computer. Thus,the user may still supply confirming information to the computer oragent that the user indeed is in possession of the confidentialinformation, without the user publicly exhibiting the actual data, butonly a converted version of it.

As will be understood, in alternative embodiments a human agent may beemployed to perform the heretofore described functions of a centralcomputer.

As will further be understood, although account-related transactionsassociated with remote terminals is described herein above, inalternative preferred embodiments users may need to enter their SSN orother confidential information into a data entry terminal that is notnecessarily remotely connected with a remote database, computer, orother facilities of the company managing the account. For instance, auser may enter data into a data entry terminal such as a self-containedautomatic teller machine in an airport or other public location, whichis able to process the user's transaction without remote communication.In this case, for example, the user may listen to instructions or dataentry prompts from a hand-held speaker similar to that used withtelephones, so that the mathematical or alphabetic conversions directedto the user are not audible to unauthorized users who may be nearby. Theuser may then supply his account or other information after convertingit in accordance with the terminal's prompts, for instance by speakingthe information vocally into a microphone in the mouthpiece or byentering the data into a keypad. Similarly, a telephone ortelecommunications terminal may conceivably perform locally database andrelated functions described hereinabove. In another embodiment, aself-contained device such as the user's laptop may require the user toenter confidential passwords or other user codes to access someinformation or applications. In this context as well, an embodiment ofthe present invention may be utilized.

The present invention can benefit the user and the account company byreducing the costs associated resulting from instances of fraud andidentity theft and from the very possibility of such fraud and theft,and should also make the services of a company utilizing the techniquesof the present invention more attractive to users desiringconfidentiality for social security numbers, account numbers and relatedinformation.

The present invention can also be embodied in the form ofcomputer-implemented processes and apparatuses for practicing thoseprocesses. The present invention can also be embodied in the form ofcomputer program code embodied in tangible media, such as floppydiskettes, CD-ROMs, hard drives, or any other computer-readable storagemedium, wherein, when the computer program code is loaded into andexecuted by a computer, the computer becomes an apparatus for practicingthe invention. The present invention can also be embodied in the form ofcomputer program code, for example, whether stored in a storage medium,loaded into and/or executed by a computer, or transmitted as apropagated computer data or other signal over some transmission orpropagation medium, such as over electrical wiring or cabling, throughfiber optics, or via electromagnetic radiation, or otherwise embodied ina carrier wave, wherein, when the computer program code is loaded intoand executed by a computer, the computer becomes an apparatus forpracticing the invention. When implemented on a future general-purposemicroprocessor sufficient to carry out the present invention, thecomputer program code segments configure the microprocessor to createspecific logic circuits to carry out the desired process.

Thus it is seen that the objects of the invention are efficientlyobtained, although changes and modifications to the invention should bereadily apparent to those having ordinary skill in the art, whichchanges are considered to be within the scope of the invention asclaimed. Variations, permutations, and combinations on such embodimentsare also intended to be within the spirit and scope of the invention asclaimed.

1. A computer based method of authentication, comprising the steps of:(a) displaying a field operatively arranged for entry of datarepresentative of a first mathematical function of a first set of digitsin a person's Social Security Number, wherein said first set of digitscomprises any plurality of different digits of said Social SecurityNumber; (b) displaying instructions to said person indicating said firstmathematical function to be performed by said person to arrive at saidrepresentative data; (c) displaying a field operatively arranged forentry of other data representative of the identity of said person; (d)receiving said data representative of said first mathematical functionof said first set of digits in said person's Social Security Number witha processor; (e) receiving other data representative of the identity ofsaid person with said processor; (f) determining said person's SocialSecurity Number from said other data representative of the identity ofsaid person, wherein said determining is accomplished by a lookupprocess in a database with said processor; (g) performing said firstmathematical function of said first set of digits in said person'sSocial Security Number with said processor; (h) comparing a result ofsaid performing said first mathematical function of said first set ofdigits in said person's Social Security Number with said received datarepresentative of said first mathematical function of said first set ofdigits in said person's Social Security Number with said processor toauthenticate said person's identity; and (i) repeating at least steps(a)-(d) and (g)-(h) with new instructions for a second mathematicalformula on a second set of digits in said Social Security Number if saidcomparing step (h) yields a match, wherein said second set of digitsdiffers from said first set of digits and/or said second mathematicalfunction differs from said first mathematical function.
 2. The method ofclaim 1, wherein said first and second mathematical functions areselected from the group consisting of addition, subtraction, division,multiplication, and combinations thereof.
 3. The method of claim 1, saidother data selected from the group consisting of said person's first andlast name, bill to and ship to addresses, phone number, and combinationsthereof.
 4. The method of claim 1, said other data comprising saidperson's first and last name, bill to and ship to addresses, phonenumber, and combinations thereof.
 5. The method of claim 1, saiddatabase comprising: a plurality of entries, each of said entriesidentifying one individual, said entries comprising at least saidindividual's Social Security Number and said other data, said other dataselected from the group consisting of said individual's first and lastname, bill to and ship to addresses, phone number, and combinationsthereof.
 6. The method of claim 1, further comprising the step of: (j)denying authorization of a transaction if said person's identity is notauthenticated through both said comparing step (h) and repeating saidcomparing step (h).
 7. The method of claim 1, further comprising thestep of: (k) authorizing a transaction if said person's identity isauthenticated through both said comparing step (h) and repeating saidcomparing step (h).
 8. The method of claim 7, said transaction being anexchange of assets from at least a first account to a second account. 9.The method of claim 8, said first account associated with said personand said second account associated with a merchant.
 10. The method ofclaim 8, said first account associated with said person and said secondaccount associated with a financial institution.
 11. The method of claim1, said steps of displaying a field operatively arranged for entry ofdata representative of a mathematical function of digits in a person'sSocial Security Number, displaying instructions to said person, anddisplaying a field operatively arranged for entry of other datarepresentative of the identity of said person occurring substantiallysimultaneously.
 12. An apparatus for authentication, comprising: aprocessor; a storage medium comprising software instructions which, whenexecuted by said processor, perform a method of authentication, saidmethod comprising the steps of: (a) displaying a field operativelyarranged for entry of data representative of a first mathematicalfunction of a first set of digits in a person's Social Security Number,wherein said first set of digits comprises any plurality of differentdigits of said Social Security Number; (b) displaying instructions tosaid person indicating said first mathematical function to be performedby said person to arrive at said representative data; (c) displaying afield operatively arranged for entry of other data representative of theidentity of said person; (d) receiving said data representative of saidfirst mathematical function of said first set of digits in said person'sSocial Security Number; (e) receiving other data representative of theidentity of said person; (f) determining said person's Social SecurityNumber from said other data representative of the identity of saidperson, wherein said determining is accomplished by a lookup process ina database; (g) performing said first mathematical function of saidfirst set of digits in said person's Social Security Number; (h)comparing a result of said performing said first mathematical functionof said first set of digits in said person's Social Security Number withsaid received data representative of said first mathematical function ofsaid first set of digits in said person's Social Security Number toauthenticate said person's identity; and (i) repeating at least steps(a)-(d) and (g)-(h) with new instructions for a second mathematicalformula on a second set of digits in said Social Security Number if saidcomparing step (h) yields a match, wherein said second set of digitsdiffers from said first set of digits and/or said second mathematicalfunction differs from said first mathematical function.
 13. A computerbased method of authentication, comprising the steps of: (a) displayinga field operatively arranged for entry of data representative of a firstmathematical function performed on a first set of exactly two digits ina person's Social Security Number, only; (b) displaying instructions tosaid person indicating said first mathematical function to be performedby said person on said first set of exactly two digits in said SocialSecurity Number to arrive at said representative data; (c) displaying afield operatively arranged for entry of other data representative of theidentity of said person; (d) receiving said data representative of saidfirst mathematical function performed on said first set of exactly twodigits in said person's Social Security Number with a processor; (e)receiving other data representative of the identity of said person withsaid processor; (f) determining said person's Social Security Numberfrom said other data representative of the identity of said person,wherein said determining is accomplished by a lookup process in adatabase with said processor; (g) performing said first mathematicalfunction on said exactly first set of two digits in said person's SocialSecurity Number, only, with said processor; (h) comparing a result ofsaid performing said first mathematical function on said exactly firstset of two digits in said person's Social Security Number with saidreceived data representative of said first mathematical functionperformed on said exactly first set of two digits in said person'sSocial Security Number with said processor to authenticate said person'sidentity; and (i) repeating at least steps (a)-(d) and (g)-(h) with newinstructions for a second mathematical formula on a second set ofexactly two digits in said Social Security Number if said comparing step(h) yields a match, wherein said second set of exactly two digitsdiffers from said first set of exactly two digits and/or said secondmathematical function differs from said first mathematical function. 14.An apparatus for authentication, comprising: a processor; a storagemedium comprising software instructions which, when executed by saidprocessor, perform a method of authentication, said method comprisingthe steps of: (a) displaying a field operatively arranged for entry ofdata representative of a first mathematical function performed on afirst set of exactly two digits in a person's Social Security Number,only; (b) displaying instructions to said person indicating said firstmathematical function to be performed by said person on said first setof exactly two digits in said Social Security Number to arrive at saidrepresentative data; (c) displaying a field operatively arranged forentry of other data representative of the identity of said person; (d)receiving said data representative of said first mathematical functionperformed on said first set of exactly two digits in said person'sSocial Security Number; (e) receiving other data representative of theidentity of said person; (f) determining said person's Social SecurityNumber from said other data representative of the identity of saidperson, wherein said determining is accomplished by a lookup process ina database; (g) performing said first mathematical function on saidfirst set of exactly two digits in said person's Social Security Number,only; (h) comparing a result of said performing said first mathematicalfunction on said first set of exactly two digits in said person's SocialSecurity Number with said received data representative of said firstmathematical function performed on said first set of exactly two digitsin said person's Social Security Number to authenticate said person'sidentity; and (i) repeating at least steps (a)-(d) and (g)-(h) with newinstructions for a second mathematical formula on a second set ofexactly two digits in said Social Security Number if said comparing step(h) yields a match, wherein said second set of exactly two digitsdiffers from said first set of exactly two digits and/or said secondmathematical function differs from said first mathematical function. 15.A computer based method of authentication, comprising the steps of: (a)randomly generating a first mathematical function to be performed on afirst set of digits in a person's Social Security Number with aprocessor; (b) displaying a field operatively arranged for entry of datarepresentative of said first mathematical function of said first set ofdigits in said person's Social Security Number; (c) displayinginstructions to said person indicating said first mathematical functionto be performed by said person to arrive at said representative data;(d) displaying a field operatively arranged for entry of other datarepresentative of the identity of said person; (e) receiving said datarepresentative of said first mathematical function of said first set ofdigits in said person's Social Security Number with said processor; (f)receiving other data representative of the identity of said person withsaid processor; (g) determining said person's Social Security Numberfrom said other data representative of the identity of said person,wherein said determining is accomplished by a lookup process in adatabase with said processor; (h) performing said first mathematicalfunction on said first set of digits in said person's Social SecurityNumber with said processor; (i) comparing a result of said performingsaid first mathematical function of said first set of digits in saidperson's Social Security Number with said received data representativeof said first mathematical function of said first set of digits in saidperson's Social Security Number with said processor to authenticate saidperson's identity; and (j) repeating at least steps (a)-(e) and (h)-(i)with new instructions for a second mathematical formula on a second setof digits in said Social Security Number if said comparing step (i)yields a match, wherein said second set of digits differs from saidfirst set of digits and/or said second mathematical function differsfrom said first mathematical function.
 16. An apparatus forauthentication, comprising: a processor; a storage medium comprisingsoftware instructions which, when executed by said processor, perform amethod of authentication, said method comprising the steps of: (a)randomly generating a first mathematical function to be performed on afirst set of digits in a person's Social Security Number; (b) displayinga field operatively arranged for entry of data representative of saidfirst mathematical function of said first set of digits in said person'sSocial Security Number; (c) displaying instructions to said personindicating said first mathematical function to be performed by saidperson to arrive at said representative data; (d) displaying a fieldoperatively arranged for entry of other data representative of theidentity of said person; (e) receiving said data representative of saidfirst mathematical function of said first set of digits in said person'sSocial Security Number; (f) receiving other data representative of theidentity of said person; (g) determining said person's Social SecurityNumber from said other data representative of the identity of saidperson, wherein said determining is accomplished by a lookup process ina database; (h) performing said first mathematical function on saidfirst set of digits in said person's Social Security Number; (i)comparing a result of said performing said first mathematical functionof said first set of digits in said person's Social Security Number withsaid received data representative of said first mathematical function ofsaid first set of digits in said person's Social Security Number toauthenticate said person's identity; and (j) repeating at least steps(a)-(e) and (h)-(i) with new instructions for a second mathematicalformula on a second set of digits in said Social Security Number if saidcomparing step (i) yields a match, wherein said second set of digitsdiffers from said first set of digits and/or said second mathematicalfunction differs from said first mathematical function.
 17. A computerbased method of authentication, comprising the steps of: (a) forming afirst single group of digits by choosing a plurality of different digitsfrom a person's Social Security Number with a processor; (b) displayinga field operatively arranged for entry of data representative of a firstmathematical function performed on said first single group of digitsonly; (c) displaying instructions to said person indicating said firstmathematical function to be performed on said first single group ofdigits by said person to arrive at said representative data; (d)displaying a field operatively arranged for entry of other datarepresentative of the identity of said person; (e) receiving said datarepresentative of said first mathematical function performed on saidfirst group of digits with said processor; (f) receiving other datarepresentative of the identity of said person with said processor; (g)determining said person's Social Security Number from said other datarepresentative of the identity of said person, wherein said determiningis accomplished by a lookup process in a database with said processor;(h) performing said first mathematical function on said first singlegroup of digits only with said processor; (i) comparing a result of saidperforming said first mathematical function on said first group ofdigits formed from said person's Social Security Number with saidreceived data representative of said first mathematical functionperformed on said first single group of digits only with said processorto authenticate said person's identity; (j) repeating at least steps(a)-(e) and (h)-(i) with new instructions for a second mathematicalformula on a second single group of digits in said Social SecurityNumber if said comparing step (i) yields a match, wherein said secondsingle group of digits differs from said first single group of digitsand/or said second mathematical function differs from said firstmathematical function.
 18. An apparatus for authentication, comprising:a processor; a storage medium comprising software instructions which,when executed by said processor, perform a method of authentication,said method comprising the steps of: (a) forming a first single group ofdigits by choosing a plurality of different digits from a person'sSocial Security Number; (b) displaying a field operatively arranged forentry of data representative of a first mathematical function performedon said first single group of digits only; (c) displaying instructionsto said person indicating said first mathematical function to beperformed on said first single group of digits by said person to arriveat said representative data; (d) displaying a field operatively arrangedfor entry of other data representative of the identity of said person;(e) receiving said data representative of said first mathematicalfunction performed on said first group of digits; (f) receiving otherdata representative of the identity of said person; (g) determining saidperson's Social Security Number from said other data representative ofthe identity of said person, wherein said determining is accomplished bya lookup process in a database; (h) performing said first mathematicalfunction on said first single group of digits only; (i) comparing aresult of said performing said first mathematical function on said firstgroup of digits formed from said person's Social Security Number withsaid received data representative of said first mathematical functionperformed on said first single group of digits only to authenticate saidperson's identity; (j) repeating at least steps (a)-(e) and (h)-(i) withnew instructions for a second mathematical formula on a second singlegroup of digits in said Social Security Number if said comparing step(i) yields a match, wherein said second single group of digits differsfrom said first single group of digits and/or said second mathematicalfunction differs from said first mathematical function.